Every Estonian gambling licence holder is an obliged entity under the MLTFPA and must appoint a FIU contact person: a qualified individual, permanently resident in Estonia, registered with the FIU and accountable for the operator's AML obligations toward that authority.
The FIU writes exclusively in Estonian. Response windows are short. Administrative fines have been issued against operators with no functioning local contact person in place. A nominal appointment provides no protection.
The same function appears under three different labels depending on context, which causes confusion for operators encountering the requirement for the first time.
All three refer to the same statutory role, the same qualifications, and the same legal duties. This article uses them interchangeably.
The obligation under MLTFPA section 2(1)(3)[1] applies to every holder of an Estonian gambling activity licence issued by EMTA, regardless of where the operating company is incorporated. Estonia's Gambling Act[3] permits companies registered in other EU and EEA member states to hold a licence directly, without setting up a local entity. A significant share of Estonian licence holders are incorporated in Malta or other EU jurisdictions with no Estonian footprint at all.
That is precisely the operator profile where this requirement bites hardest. The licence creates the obligation; the absence of a local presence makes it impossible to satisfy from abroad.
Licence categories in scope include online casino and poker (games of chance, minimum share capital EUR 1,000,000), remote sports betting and toto (minimum EUR 130,000), and games of skill with monetary prizes. The obligation is active from the date of licence issue, not from when the operator goes live. The current list of licensed operators is publicly available on the EMTA website.[5]
MLTFPA section 17[1] sets out five distinct duties. These sit with the named individual, not with the company's compliance function generally.
Section 17(3) of the MLTFPA is explicit[1]: the contact person must permanently reside in Estonia. This is not a preference or a default that can be waived. The FIU will not accept a contact person based outside Estonia, and the requirement applies even where the operator has an otherwise fully functioning AML team in another jurisdiction.
The language dimension compounds this. The FIU writes in Estonian only. Response windows are short. An operator whose MLRO is based in Malta, with no Estonian language capacity in the compliance function, cannot respond to an FIU inquiry within the required timeframe even with goodwill and translation tools. That gap is not treated sympathetically in enforcement proceedings.
Enforcement risk is real. The MLTFPA gives the FIU authority to impose administrative fines for breaches including non-responsiveness to its correspondence. An operator without a registered, Estonian-speaking contact person cannot respond to FIU inquiries within the required timeframes and that gap is treated as a compliance breach, not an administrative oversight. A nominal appointment that cannot function in practice provides no protection.
The contact person must be registered with the FIU before acting in that capacity. Registration is separate from the licence application process: the individual's details are submitted to the FIU and must be kept current at all times. The contact person must have a good business reputation as defined under Estonian law, and must meet the qualification standards set out in MLTFPA section 17(4).
Where the contact person is provided on an outsourced basis, the appointment should be documented in a written service agreement. The operator retains full responsibility for its substantive AML and CFT obligations; the contact person holds the statutory liaison and reporting function. Both elements need to be clearly defined to survive FIU scrutiny of the arrangement.
On outsourced arrangements: appointing an external contact person is a recognised and workable structure. What the FIU assesses is whether the arrangement is genuine: whether the contact person has real access to the operator's AML programme, can answer questions about it substantively, and can act within the required timelines. A placeholder registration does not meet that test.
Our Estonian-based team provides outsourced FIU contact person services for operators holding or applying for Estonian gambling licences. The engagement is structured around a clear, contractually documented scope: handling FIU correspondence in Estonian, coordinating STR and ISR filings with the operator's internal compliance function, and keeping the operator informed of MLTFPA and FIU guidance developments relevant to its obligations.
The service is available at any stage: during the application process, at licence issue, or where an existing arrangement needs to be replaced or reinforced. A qualified contact person can typically be ready for FIU registration within two weeks of engagement.
Get in touch about your situation →
The MLTFPA gives the FIU authority to issue administrative fines for breaches of the Act, including failure to appoint a registered contact person and failure to respond to FIU correspondence within the prescribed timeframes. Beyond fines, the absence of a functioning contact person directly affects the operator's ability to meet STR and ISR submission deadlines which are separate obligations carrying their own enforcement consequences.
Operators who become aware of the gap should act quickly. The FIU's supervisory approach has become more active in recent years, and the window for addressing a compliance gap proactively rather than reactively is narrower than many operators assume.
Yes. Appointing an external, outsourced contact person is a recognised and widely used structure for operators who do not have an Estonian-based compliance function. The outsourced contact person must genuinely fulfil the statutory duties FIU correspondence, STR and ISR coordination, AML programme oversight and must be registered with the FIU in their own name.
Where an operator requires greater legal certainty, the engagement can also be structured with a formal employment contract between the contact person and the licensed entity, while day-to-day management, ongoing training, and operational support remain with our team. We assess which structure is the better fit at scoping stage and set out the options clearly before any engagement begins.
Legal references
[1] Money Laundering and Terrorist Financing Prevention Act (MLTFPA), Estonian text (latest consolidated version): section 2(1)(3) definition of obliged entities; section 17(3) and 17(4) on the appointment, qualifications and duties of the contact person. riigiteataja.ee/akt/113022026013
[2] MLTFPA, official English translation: riigiteataja.ee/en/eli/ee/517112017003/consolide/current
[3] Gambling Act (Hasartmänguseadus): licensing framework for gambling activity in Estonia.
[4] International Sanctions Act (Rahvusvaheliste sanktsioonide seadus): parallel reporting obligations applicable to licensed operators.
[5] EMTA list of licensed gambling operators: emta.ee/en/.../list-legal-gambling-operators
This article is provided for informational purposes only and does not constitute legal advice.
A senior advisor will assess your licence situation and come back with an honest view on how to structure the FIU contact person arrangement, what it will cost, and how quickly we can be in place. No obligation.